decidability
play

Decidability January 16, 2014 Slide 1 ECS 235B, Foundations of - PowerPoint PPT Presentation

Mar 08, 2024 •185 likes •791 views

Outline Security Protection Systems Decidability January 16, 2014 Slide 1 ECS 235B, Foundations of Information and Computer Security January 16, 2014 Outline Security Protection Systems 1 Security Mono-operational command case General

  1. Outline Security Protection Systems Decidability January 16, 2014 Slide 1 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  2. Outline Security Protection Systems 1 Security Mono-operational command case General case 2 Protection Systems Take-Grant Systems SPM Slide 2 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  3. Outline Security Protection Systems What is “Secure”? Leaking Adding a generic right r where there was not one is leaking Safe If a system S , beginning in initial state s 0 , cannot leak right r , it is safe with respect to the right r . Here, “safe” = “secure” for an abstract model Slide 3 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  4. Outline Security Protection Systems What is Does “Decidable” Mean? Safety Question Does there exist an algorithm for determining whether a protection system S with initial state s 0 is safe with respect to a generic right r ? Slide 4 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  5. Outline Security Protection Systems Mono-operational command case Mono-Operational Commands Answer: Yes! Proof sketch: Consider minimal sequence of commands c 1 , . . . , c k to leak the right Can omit delete , destroy Can merge all create s into one Worst case: insert every right into every entry; with s subjects, o objects, and n rights initially, upper bound is k ≤ n ( s + 1)( o + 1) Slide 5 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  6. Outline Security Protection Systems Mono-operational command case Proof (1) Consider minimal sequences of commands (of length m ) needed to leak r from system with initial state s 0 Identify each command by the type of primitive operation it invokes Cannot test for absence of rights, so delete , destroy not relevant Ignore them Reorder sequences of commands so all create s come first Can be done because enter s require subject, object to exist Commands after these create s check only for existence of right Slide 6 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  7. Outline Security Protection Systems Mono-operational command case Proof (2) It can be shown (see exercise): Suppose s 1 , s 2 are created, and commands test rights in A [ s 1 , o 1 ], A [ s 2 , o 2 ] Doing the same tests on A [ s 1 , o 1 ] and A [ s 1 , o 2 ] = A [ s 1 , o 2 ] ∪ A [ s 2 , o 2 ] gives same result Thus all create s unnecessary Unless s 0 is empty; then you need to create it (1 create ) In s 0 : | S 0 | number of subjects, | O 0 | number of objects, n number of (generic) rights In worst case, 1 create So a total of at most ( | S 0 | + 1)( | O 0 | + 1) elements So m ≤ n ( | S 0 | + 1)( | O 0 | + 1) Slide 7 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  8. Outline Security Protection Systems General case General Case Answer: No Proof sketch: 1 Show arbitrary Turing machine can be reduced to safety problem 2 Then deciding safety problem means deciding the halting problem Slide 8 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  9. Outline Security Protection Systems General case Turing Machine Review Infinite tape in one direction States K , symbols M , distinguished blank b / State transition function δ ( k , m ) = ( k ′ , m ′ , L) in state k with symbol m under the TM head replace m with m ′ , move head left one square, enter state k ′ Halting state is q f Slide 9 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  10. Outline Security Protection Systems General case Mapping Turing machine access control matrix representation · · · s 1 s 2 s 3 s 4 s 1 A o · · · 1 2 3 4 · · · B · · · s 2 o A B C D · · · ⇒ s 3 C k o · · · ↑ D e · · · s 4 k . . . . . ... . . . . . . . . . . Turing machine with head over square 3 on tape, in state k and its representation as an access control matrix o is own right e is end right Slide 10 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  11. Outline Security Protection Systems General case Mapping Turing machine access control matrix representation s 1 s 2 s 3 s 4 · · · A · · · s 1 o 1 2 3 4 · · · s 2 B o · · · A B X D · · · ⇒ X · · · s 3 o ↑ s 4 D k 1 e · · · k 1 . . . . . ... . . . . . . . . . . After δ ( k , C) = ( k 1 , X, R), where k is the previous state and k 1 the current state Slide 11 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  12. Outline Security Protection Systems General case Command Mapping δ ( k , C) = ( k 1 , X, R) at intermediate becomes: command c k , C ( s i , s i +1 ) i f o in A[ s i , s i +1 ] and k in A[ s i , s i ] and C in A[ s i , s i ] then delete k from A[ s i , s i ] ; delete C from A[ s i , s i ] ; enter X into A[ s i , s i ] ; enter k 1 into A[ s i +1 , s i +1 ] ; end Slide 12 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  13. Outline Security Protection Systems General case Mapping Turing machine access control matrix representation s 1 s 2 s 3 s 4 s 5 A s 1 o 1 2 3 4 5 A B X Y / b s 2 B o ⇒ ↑ s 3 X o s 4 Y o k 2 s 5 k 2 e After δ ( k 1 , D) = ( k 2 , Y, R), where k 1 is the previous state and k 2 the current state Slide 13 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  14. Outline Security Protection Systems General case Command Mapping δ ( k 1 , D) = ( k 2 , Y, R) at intermediate becomes: command crightmost k , D ( s i , s i +1 ) i f e in A[ s i , s i ] and k 1 in A[ s i , s i ] and D in A[ s i , s i ] then delete e from A[ s i , s i ] ; create subject s i +1 ; enter o into A[ s i , s i +1 ] ; enter e into A[ s i +1 , s i +1 ] ; delete k 1 from A[ s i , s i ] ; delete D from A[ s i , s i ] ; enter Y into A[ s i , s i ] ; enter k 2 into A[ s i +1 , s i +1 ] ; end Slide 14 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  15. Outline Security Protection Systems General case Rest of Proof Protection system exactly simulates a Turing machine Exactly 1 end ( e ) right in access control matrix 1 right in entries corresponds to state Thus, at most 1 applicable command If Turing machine enters state q f , then right has leaked If safety question decidable, then represent TM as protection system and determine if q f leaks This implies halting problem is decidable Conclusion: safety question undecidable Slide 15 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  16. Outline Security Protection Systems General case Other Results Set of unsafe systems is recursively enumerable Delete create primitive; then safety question is complete in P-SPACE Delete destroy , delete primitives; safety question is still undecidable Such systems are called monotonic Safety question for monoconditional, monotonic protection systems is decidable Safety question for monoconditional protection systems with create , enter , delete (and no destroy ) is decidable Slide 16 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  17. Outline Security Protection Systems Take-Grant Systems Take-Grant Protection Model A specific (not generic) system Set of rules for state transitions Safety decidable, and in time linear with the size of the system Goal: find conditions under which rights can be transferred from one entity to another in the system Slide 17 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  18. Outline Security Protection Systems Take-Grant Systems System ◦ objects (passive entities like files, . . . ) • subjects (active entities like users, processes . . . ) ⊗ don’t care (either a subject or an object) G ⊢ x G ′ apply rewriting rule x (witness) to G to get G ′ G ⊢ ∗ G ′ apply a sequence of rewriting rules (witness) to G to get G ′ R = { t , g , . . . } set of rights Slide 18 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  19. Outline Security Protection Systems Take-Grant Systems Take, Grant Rules In these rules, β ⊆ α ⊆ R β α α t t ⊗ ⊗ ⊗ ⊗ take rule • ⊢ • y y x z x z β α α g g grant rule ⊗ ⊗ ⊗ ⊗ • ⊢ • y y x z x z Slide 19 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  20. Outline Security Protection Systems Take-Grant Systems Create, Remove Rules t ⊗ create rule • ⊢ • y x x α α − β ⊗ ⊗ remove rule • ⊢ • y y x x These four rules are the de jure rules Slide 20 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  21. Outline Security Protection Systems Take-Grant Systems Symmetry of Take and Grant β g α g α ⊗ ⊗ • • ⊢ • • y y x z x z β α g α t ⊗ ⊗ • • ⊢ • • y y x z x z Slide 21 ECS 235B, Foundations of Information and Computer Security January 16, 2014

  22. Outline Security Protection Systems Take-Grant Systems Symmetry of Take and Grant g α 1 x creates ( tg to new) v x • ⊗ • y z tg v Slide 22 ECS 235B, Foundations of Information and Computer Security January 16, 2014

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Theory of Computer Science D6. Decidability and Semi-Decidability Malte Helmert University of

Theory of Computer Science D6. Decidability and Semi-Decidability Malte Helmert University of

Theory of Computer Science D6. Decidability and Semi-Decidability Malte Helmert University of Basel May 4, 2016 (Semi-) Decidability Recursive Enumerability Models of Computation and Semi-Decidability Summary Overview: Computability Theory

600 views • 39 slides
Theory of Computer Science May 4, 2016 D6. Decidability and Semi-Decidability Theory of

Theory of Computer Science May 4, 2016 D6. Decidability and Semi-Decidability Theory of

Theory of Computer Science May 4, 2016 D6. Decidability and Semi-Decidability Theory of Computer Science D6.1 (Semi-) Decidability D6. Decidability and Semi-Decidability D6.2 Recursive Enumerability Malte Helmert University of Basel D6.3

406 views • 7 slides
Computational Learning Theory 1 / 22 Decidability Computation Decidability which

Computational Learning Theory 1 / 22 Decidability Computation Decidability which

Computational Learning Theory 1 / 22 Decidability Computation Decidability which problems have algorithmic solutions Machine Learning Feasibility what assumptions must we make to trust that we can learn an unknown target

246 views • 22 slides
Decidability Decidability p.1/27 Topics Discuss the power of algorithms

Decidability Decidability p.1/27 Topics Discuss the power of algorithms

Decidability Decidability p.1/27 Topics Discuss the power of algorithms to solve problems Demonstrate that some problems can be solved by algorithms while other cannot Explore the limits of algorithmic solvability

477 views • 27 slides
Contents 1. Introduction 2. (Un)decidability on modal MTL logics Reducing to PCP The Global

Contents 1. Introduction 2. (Un)decidability on modal MTL logics Reducing to PCP The Global

Introduction (Un)decidability on modal MTL logics Undecidability of some modal MTL logics (formerly product logics) Amanda Vidal Institute of Computer Science, Czech Academy of Sciences September 6, 2016 1 / 19 Introduction (Un)decidability

705 views • 68 slides
Proving (Un)decidability of Certain Affine Geometries Based on J.A. Makowsky Can one design a

Proving (Un)decidability of Certain Affine Geometries Based on J.A. Makowsky Can one design a

ICLA 2019 March 3, 2019 Proving (Un)decidability of Certain Affine Geometries Based on J.A. Makowsky Can one design a geometry engine? On the (un)decidability of affine Euclidean geometries Annals of Mathematics and Artificial Intelligence

909 views • 65 slides
Lecture Slides for MAT-73006 Theoretical computer science PART IIb: Decidability Henri Hansen

Lecture Slides for MAT-73006 Theoretical computer science PART IIb: Decidability Henri Hansen

Lecture Slides for MAT-73006 Theoretical computer science PART IIb: Decidability Henri Hansen February 3, 2014 1 Decidability We introduced the TM as a general purpose model of com- putation. An algorithm was basically defined

507 views • 25 slides
Theory of Computer Science C4. Regular Languages: Closure Properties and Decidability Malte

Theory of Computer Science C4. Regular Languages: Closure Properties and Decidability Malte

Theory of Computer Science C4. Regular Languages: Closure Properties and Decidability Malte Helmert University of Basel April 4, 2016 Closure Properties Decidability Summary Closure Properties Closure Properties Decidability Summary

278 views • 27 slides
How unprovable is Rabins decidability theorem? Leszek Koodziejczyk University of Warsaw

How unprovable is Rabins decidability theorem? Leszek Koodziejczyk University of Warsaw

How unprovable is Rabins decidability theorem? How unprovable is Rabins decidability theorem? Leszek Koodziejczyk University of Warsaw (based on joint work with Henryk Michalewski) CTFM/Tanaka60 Tokyo, September 2015 1 / 22 How

781 views • 31 slides
On the Decidability of Normed BPA Yuxi Fu Bologna, 22-23 April, 2013 Infinite state systems have

On the Decidability of Normed BPA Yuxi Fu Bologna, 22-23 April, 2013 Infinite state systems have

On the Decidability of Normed BPA Yuxi Fu Bologna, 22-23 April, 2013 Infinite state systems have been studied in Process Rewriting Systems for some time. The focus has been on the decidability of reachability, equivalence, . . . . There are

931 views • 47 slides
Lecture 3: Decidability January 11, 2011 Lecture 3, Slide 1 ECS 235B, Foundations of Information

Lecture 3: Decidability January 11, 2011 Lecture 3, Slide 1 ECS 235B, Foundations of Information

Outline Review Decidability of security Take-Grant Protection Model Lecture 3: Decidability January 11, 2011 Lecture 3, Slide 1 ECS 235B, Foundations of Information and Computer Security January 11, 2011 Outline Review Decidability of

783 views • 57 slides
Decidability of distributed complexity of locally checkable problems on paths Alkida Balliu,

Decidability of distributed complexity of locally checkable problems on paths Alkida Balliu,

Decidability of distributed complexity of locally checkable problems on paths Alkida Balliu, Sebastian Brandt, Yi-Jun Chang, Dennis Olivetti, el Rabie , Jukka Suomela Mika ANR DESCARTES/ESTATE Tuesday, April 2 Mika el RABIE Decidability

971 views • 96 slides
Decidability for Justification Logics Revisited Thomas Studer Institute of Computer Science and

Decidability for Justification Logics Revisited Thomas Studer Institute of Computer Science and

Decidability for Justification Logics Revisited Thomas Studer Institute of Computer Science and Applied Mathematics University of Bern Bern, Switzerland joint work with Samuel Bucheli, Roman Kuznets September 2011 Thomas Studer Decidability

471 views • 25 slides
Theory of Computer Science C8. Type-1 and Type-0 Languages: Closure & Decidability Gabriele

Theory of Computer Science C8. Type-1 and Type-0 Languages: Closure & Decidability Gabriele

Theory of Computer Science C8. Type-1 and Type-0 Languages: Closure & Decidability Gabriele R oger University of Basel April 15, 2020 Turing Machines vs. Grammars Closure and Decidability Summary Overview Languages & Grammars

363 views • 25 slides
A compact proof of decidability for regular expression equivalence ITP 2012 Princeton, USA

A compact proof of decidability for regular expression equivalence ITP 2012 Princeton, USA

A compact proof of decidability for regular expression equivalence A compact proof of decidability for regular expression equivalence ITP 2012 Princeton, USA Andrea Asperti Department of Computer Science University of Bologna 25/08/2011 A

726 views • 33 slides
Theory of Computer Science C5. Context-free Languages: Normal Forms, Closure, Decidability Malte

Theory of Computer Science C5. Context-free Languages: Normal Forms, Closure, Decidability Malte

Theory of Computer Science C5. Context-free Languages: Normal Forms, Closure, Decidability Malte Helmert University of Basel April 6, 2016 Context-free Grammars and -Rules Chomsky Normal Form Closure Properties Decidability Summary

831 views • 47 slides
Repurposing language resources for multilingual websites Fernando Servn Food and Agriculture

Repurposing language resources for multilingual websites Fernando Servn Food and Agriculture

Food and Agriculture Organization of the United Nations Repurposing language resources for multilingual websites Fernando Servn Food and Agriculture Organization of the United Nations (FAO), Rome, Italy The Multilingual Web The Way Ahead

695 views • 13 slides
Can your diff(1) do this?! Can your diff(1) do this?! Improving soware review & QA with

Can your diff(1) do this?! Can your diff(1) do this?! Improving soware review & QA with

Can your diff(1) do this?! Can your diff(1) do this?! Improving soware review & QA with diffoscope Improving soware review & QA with diffoscope Chris Lamb Chris Lamb foss-north.se foss-north.se @lolamby @lolamby April 2018

861 views • 66 slides
Optimized Compilation of Multiset Rewriting with Comprehensions Edmund S. L. Lam Iliano

Optimized Compilation of Multiset Rewriting with Comprehensions Edmund S. L. Lam Iliano

Comprehensions in CHR cp Introduction Compilation Implementation Conclusion Optimized Compilation of Multiset Rewriting with Comprehensions Edmund S. L. Lam Iliano Cervesato sllam@qatar.cmu.edu iliano@cmu.edu Carnegie Mellon University

499 views • 38 slides
Content mono-V Conclusion and next steps mono-Z mono-V Status report Philipp Gadow (MPP)

Content mono-V Conclusion and next steps mono-Z mono-V Status report Philipp Gadow (MPP)

11.04.2016 - JDM Meeting T Philipp Gadow (on behalf of the team) | Max-Planck-Institut fr Physik, Mnchen Search for hadronic Mono-V + E miss Content mono-V Conclusion and next steps mono-Z mono-V Status report Philipp Gadow (MPP)

428 views • 30 slides
Shared Spanning Trees GOAL Continue operating without loops in any physical connection

Shared Spanning Trees GOAL Continue operating without loops in any physical connection

Shared Spanning Trees GOAL Continue operating without loops in any physical connection topology including shared spanning tree switches, 802.1Q mono spanning tree switches, and others. Shared Spanning Trees January 27, 1999 1/11 IEEE

126 views • 11 slides
Monotasks Architecting for Performance Clarity in Data Analytics Frameworks Kay Ousterhout,

Monotasks Architecting for Performance Clarity in Data Analytics Frameworks Kay Ousterhout,

Monotasks Architecting for Performance Clarity in Data Analytics Frameworks Kay Ousterhout, Christopher Canel, Sylvia Ratnasamy, Scott Shenker Cesar Stuardo 2 Monotasks @ CS34702 - 2018 Monotask in the real world [1/1] Spend time

489 views • 21 slides
Summary and Outlook Graham Kribs IAS / Oregon SUSY at the Near Energy Frontier Fermilab

Summary and Outlook Graham Kribs IAS / Oregon SUSY at the Near Energy Frontier Fermilab

Summary and Outlook Graham Kribs IAS / Oregon SUSY at the Near Energy Frontier Fermilab Workshop 35 fantastic talks (plus this summary) large th/ex interaction ex: amazingly thorough, detailed work th: remarkably

749 views • 62 slides
All-new SDN-RX: Reactive Spring Data Neo4j Spring Data Neo4j / Neo4j-OGM Team Michael Simons

All-new SDN-RX: Reactive Spring Data Neo4j Spring Data Neo4j / Neo4j-OGM Team Michael Simons

All-new SDN-RX: Reactive Spring Data Neo4j Spring Data Neo4j / Neo4j-OGM Team Michael Simons Gerrit Meier @rotnroll666 @meistermeier 2 Reactive 3 Reactive Reactive in general does not boost the performance ...but gives you the control

671 views • 38 slides

More recommend